In a recently aired episode of Security Now, episode #163, "GoogleUpdate & DNS Security", Steve talks in great detail about a type of DNS now being offered in some parts of the world. This DNS is more secure, and every site is signed with keys. The only problem is that it has low performance and uses up too much bandwidth. It also makes it easier to carry out a DDoS (distributed denial-of-service) attack. This attack shuts down a server or, in this case, a DNS server.

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.”

Another quote from Wikipedia, for anyone who wants more detail on DNSSEC: “

The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers):

Origin authentication of DNS data

Data integrity

Authenticated denial of existence

It is widely believed that deploying DNSSEC is critically important for securing the Internet as a whole, but deployment has been hampered by the difficulty of:

Devising a backward-compatible standard that can scale to the size of the Internet

Preventing “zone enumeration” (see below) where desired

Deploying DNSSEC implementations across a wide variety of DNS servers and resolvers (clients)

Disagreement among key players over who should own the .com (etc) root keys”

Steve explained that the main domains all have to agree on this and implement it for it to work, so that each can be a party to signing a key that confirms the site you are on is the site you want to be on, not a fake site that has changed the URL or infected your PC or even the DNS. So if all the parties agree, it will be confirmed that the site you are on is the one you want.

“The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource participating in the Internet. It associates various information with domain names assigned to such participants. Most importantly, it translates humanly meaningful domain names to the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices world-wide.

An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, www.example.com translates to 208.77.188.166.”